Enabling user privacy for changes of access to shared content

ABSTRACT

In one embodiment, a method for enabling user privacy for content on a network includes receiving input from a first user instructing at least one change in user access to shared content provided by a network system. The change modifies the user access from an existing set of one or more users of the network system to a different set of one or more users of the network system. The method checks a privacy setting associated with each of one or more referred users of the network system who are referred to by the shared content. The privacy setting indicates whether the associated referred user is to be sent a notification indicating that the at least one change in user access has been instructed.

BACKGROUND

Social network systems and services have become increasingly popular foruse over wide-area computer networks such as the Internet. A user of asocial network system can upload and post content which can becomeshared by allowing one or more users of the system to access thecontent. A user can specify which set of users has access to the sharedcontent. For example, a photograph can be posted which can be accessedby a set of users defined by the user, such as “friends” of the user asdesignated in a user group (e.g., “friends list” or “circle”) on thesocial network system. Furthermore, users can add descriptions orcomments to content, such as tags. These tags can name, identify orotherwise refer to other users of the social network system. Inaddition, a user may change which users have access to the sharedcontent. For example, the user may change user access from a particularuser group to general public access that includes all users of thesystem.

SUMMARY

Embodiments of the present application relate to enabling user privacyfor changes of access to shared content. In some embodiments, a methodfor enabling user privacy for content on a network includes receivinginput from a first user instructing at least one change in user accessto shared content provided by a network system. The change modifies theuser access from an existing set of one or more users of the networksystem to a different set of one or more users of the network system.The method checks a privacy setting that is associated with each of oneor more referred users of the network system who are referred to by theshared content. The privacy setting indicates whether the associatedreferred user is to be sent a notification indicating that the at leastone change in user access has been instructed.

In various embodiments of the above method, the existing set of userscan be a first predetermined user group associated with the first userand the different set of users can be a second predetermined user groupassociated with the first user. The existing set of users can be a firstdesignated user access level and the different set of users can be asecond designated user access level. The existing set of users caninclude a smaller number of users of the network than the different setof users, or a larger number of users. The existing set of users can bea first linked level of users including only users having a social linkto the first user, and the different set of users can include the firstlinked level users and one or more extended linked levels of usershaving a social link to the first linked level users.

The notification can be sent to each of the referred users who have aprivacy setting requiring the notification. The notification can be sentto each of the referred users when the access change matches one or morecorresponding predetermined conditions for each of the referred users tobe notified as specified in privacy settings, such as a condition thatthe change in access is made to designated user groups or users of thenetwork system. A prompt can be sent to the one or more notifiedreferred users, the prompt requesting that the one or more notifiedreferred users provide at least one permission to allow the at least onechange in user access to the shared content. In response to receiving adenial of permission to the change in access from one or more referredusers, the at least one change in access is not performed, or the changein access is performed except for identifications of the denyingreferred users in the shared content, or an identification of thedenying referred users is removed from the shared content. The promptcan allow the referred users to each specify a different change in useraccess to the shared content than the instructed change in user access.The referred users can be identified in the shared content by at leastone tag viewable by users having access to the shared content. Theshared content can include a photo, text, a video, an audio recording,or an indication of a physical location of the one or more referredusers. In one embodiment, a suggested change in user access is receivedfrom at least one of the referred users prompted for permission, wherethe suggested change is sent to at least one of the referred users witha request for permission to allow the suggested change.

In some embodiments, a method for enabling user privacy for content on anetwork includes providing shared content contributed by a first user,where the shared content is stored by a social network system and ismade accessible to an existing set of other users of the social networksystem. One or more referred users of the network system are identifiedby the shared content. Input is received from the first user instructingat least one change in user access to the shared content. The changemodifies the user access from the existing set of other users of thesocial network to a different set of users of the social network system.The method includes checking privacy settings associated with each ofthe referred users identified by the shared content, where the privacysettings indicate whether the associated referred user is to be sent anotification indicating that the at least one change in user access hasbeen instructed. The privacy settings also indicate whether theassociated referred user is to be sent a prompt requesting that theassociated referred user provide a permission to allow the at least onechange in user access to be performed. The notification is sent to eachof the referred users who are associated with corresponding privacysettings requiring the notification. A prompt is sent to each of thereferred users who are associated with privacy settings requiring theprompt. The user access is changed to the different set of users of thesocial network system in response to receiving the at least onepermission from the prompted referred users.

In some embodiments, a system for enabling user privacy for sharedcontent includes a storage device storing shared content, and at leastone processor accessing the storage and operative to perform operations.The operations include receiving input from a first user instructing atleast one change in user access to the shared content, where the atleast one change modifies the user access from an existing set of one ormore users of a network system to a different set of one or more usersof the network system. The operations also include checking a privacysetting associated with each of one or more referred users of thenetwork system who are referred to by the shared content. The privacysetting indicates whether the associated referred user is to be sent anotification indicating that the at least one change in user access hasbeen instructed.

Some embodiments of the system can include the processor performingoperations including sending the notification to each of the referredusers having a privacy setting requiring the notification, and sending aprompt to the notified referred users. The prompt can request that thenotified referred users provide at least one permission to allow the atleast one change in user access to the shared content. The prompt canallow the referred users to each specify a different change in useraccess to the shared content than the instructed change in user access.In some embodiments, the notification can be sent to each of thereferred users when the access change matches one or more correspondingpredetermined conditions for each of the referred users to be notifiedas specified in privacy settings, such as a condition that the change inaccess is made to designated user groups or users of the network system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an example network environment which may beused for one or more embodiments described herein;

FIG. 2 is illustration of an example graphical user interface (GUI)displaying content uploaded to a network system according to oneembodiment;

FIG. 3 is a diagrammatic illustration of an example simplified GUIallowing a user to change or set user access to shared content,according to one embodiment;

FIG. 4 is a diagrammatic illustration of an example simplified GUIshowing example privacy settings for a user, according to one embodiment

FIG. 5 is a diagrammatic illustration of an example simplified GUIshowing example notifications received by a user who is referred to inshared content, according to one embodiment;

FIG. 6 is a diagrammatic illustration of an example simplified GUIshowing an example permission interface allowing a referred user toapprove or disapprove changes in users access, according to oneembodiment;

FIG. 7 is a flow diagram illustrating an example method of enablingprivacy features for changes of access to shared content, according toone embodiment;

FIG. 8 is a flow diagram illustrating an example method describingadditional embodiments to enable privacy features for changes of accessto shared content; and

FIG. 9 is a block diagram of an example server device which may be usedfor one or more embodiments described herein.

DETAILED DESCRIPTION

One or more embodiments described herein relate to enabling user privacyfor changes to access of shared content on network systems such associal networks. For example, after a user instructs to change useraccess to shared content, the system can notify other users who areidentified or otherwise referred to in that shared content, and in someembodiments can request the permission of those referred users to changethe user access.

A user may have an issue with shared content on a network system if, forexample, the content is changed to have a different user access. Forexample, the user access may be changed from a smaller set of friends tobroader user access level, such as the general public. Embodimentsdescribed herein can enable privacy or other user control to usersreferred to in shared content. If user access to the shared content ischanged, the referred users are notified. Furthermore, the referredusers can be prompted for their permission to change the user access.Various options allow users to customize under which access changeconditions they are notified and/or prompted. The referred users thuscan be aware of and/or control the extent to which the referred contentis viewed or otherwise accessed by users of the social network system asthat user access is changed over time. These features enable a user tocustomize how information about the user is distributed and publicizedto other users of a network system.

Methods and systems are described herein associated with particularimplementations. However, one of ordinary skill in the art willrecognize that these methods and systems will operate effectively inother implementations.

FIG. 1 illustrates a block diagram of an example network environment100, which may be used in some embodiments to implement one or morefeatures described herein. In some embodiments, network environment 100includes one or more server systems, such as server system 102 in theexample of FIG. 1. Server system 102 can communicate with a network 130,for example. Server system 102 can include a server device 104 and asocial network database 106 or other storage device. Network environment100 also includes one or more client devices, such as client devices120, 122, 124, and 126, which may communicate with each other vianetwork 130 and server system 102. Network 130 can be any type ofcommunication network, including one or more of the Internet, local areanetworks (LAN), wireless networks, switch or hub connections, etc.

For ease of illustration, FIG. 1 shows one block for server system 102,server device 104, and social network database 106, and shows fourblocks for client devices 120, 122, 124, and 126. Server blocks 102,104, and 106 may represent multiple systems, server devices, and networkdatabases, and the blocks can be provided in different configurationsthan shown. For example, server system 102 can represent multiple serversystems that can communicate with other server systems via the network130. In another example, social network database 106 and/or otherstorage devices can be provided in server system block(s) that areseparate from server device 104 and can communicate with server device104 and other server systems via network 130. Also, there may be anynumber of client devices. Each client device can be any type ofelectronic device, such as a computer system, portable device, cellphone, smart phone, tablet computer, television, TV set top box orentertainment device, personal digital assistant (PDA), media player,game device, etc. In other embodiments, network environment 100 may nothave all of the components shown and/or may have other elementsincluding other types of elements instead of, or in addition to, thosedescribed herein.

In various embodiments, end-users U1, U2, U3, and U4 may communicatewith each other using respective client devices 120, 122, 124, and 126,and respective to features described herein each user can receivemessages and notifications via a social network system implemented bynetwork system 100. In one example, users U1, U2, U3, and U4 mayinteract with each other via the social network system, where respectiveclient devices 120, 122, 124, and 126 transmit communications and datato one or more server systems such as system 102, and the server system102 provides appropriate data to the client devices such that eachclient device can receive shared content uploaded to the social networksystem via the server system 102.

The social network system can be any system allowing users to perform avariety of communications, form links and associations, upload and postshared content, and/or perform other socially-related functions. Forexample, the social network system can allow a user to send messages toparticular or multiple other users, form social links in the form ofassociations to other users within the social network system, groupother users in user lists, friends lists, or other groups, post contentincluding text, video sequence, audio sequence or recording, or othertypes of content for access by designated sets of users of the socialnetwork system, send multimedia information and other information toother users of the social network system, participate in live video,audio, and/or text chat with other users of the system, etc. As usedherein, the term “social network system” can include a software and/orhardware system that facilitates user interactions, and can include aservice implemented on a network system. A “social link” is any linkbetween multiple users that allows these users to more easilycommunicate, view and find statuses of the other users, and/or otherwiserelay information between each other. For example, adding another userto a first user's group of known users is adding a social link betweenthese users. In some embodiments, a “user” can include one or moreprograms or virtual entities, as well as persons that interface with thesystem or network.

Furthermore, a user can designate one or more user groups, such as“friends lists” or “circles,” to allow users in the designated usergroups to access or receive information associated with the user on thesocial network system. A user's user groups each specify one or moreusers of the social network system with which the user has a sociallink. For example, the user can designate that the users in one usergroup can access content (e.g., receive and view the content on theirclient devices) which the user posts on the social network system, suchas text or audio messages and graphical images. Or, the user candesignate that the users in a different user group can access userprofile information of the user, such as identifying information,opinions, hobbies, interests, etc. In some embodiments, the access ofusers to user information can be designated in terms of larger groups,such as a “public” setting designating all the users of the socialnetwork system. Some embodiments of social network systems allow theuser to designate groups of users including extended or additionalsocial linked levels (degrees of separation) of users. For example, afirst user may be able to designate that a second or extended linkedlevel of users, such as friends of the user's friends, are able toaccess the first user's information and content, which in this examplecan be any users that have at least one of the friends of the first userin their own user groups. A user may also be able to designate othergroups or sets of users regardless of whether those other users are inthe user's own listed groups. For example, the user may designate usersbelonging to a designated group, list, or circle, or having one or morespecified characteristics, such as age, membership in a designatedorganization, eye color, designated hobbies or interests, member of adesignated organization since a particular time or date, etc.

Respective to features described herein, each user can set privacysettings in his or her account or user profile to determine whether andhow notifications and or prompts for permission are sent to the userwhen content that refers to the user is changed for user access, such aschanged in user access level or privacy level. A social networkinginterface, including privacy settings, notifications, prompts, and otherfeatures described herein, can be displayed using software on the clientdevice, such as application software or client software in communicationwith the server system. The interface can be displayed on an outputdevice of the client device, such as a display screen. For example, insome embodiments the interface can be displayed using a particularstandardized format, such as in a web browser or other application as aweb page provided in Hypertext Markup Language (HTML), Java™,JavaScript, Extensible Markup Language (XML), Extensible StylesheetLanguage Transformation (XSLT), and/or other format.

Other embodiments can use other forms of network systems instead ofsocial network systems. For example, a set of users using any computernetwork can make use of features described herein.

FIG. 2 is a diagrammatic illustration of an example simplified graphicalinterface (GUI) 200 displaying content uploaded to a network systemaccording to one embodiment. GUI 200 can be displayed on a displaydevice, e.g., of a client device 120, 122, 124, and/or 126, or a serversystem 102 in some embodiments. For example, the GUI 200 can bedownloaded from the server system 102 for display on a client device ina web browser or other application program. The interface 200 includesone or more displayed windows within the GUI, or can be displayed inother forms in other interfaces.

In one embodiment, GUI 200 includes a content window 202, which in thedescribed example of FIG. 2 shows a user's content in the form ofphotos. The user “Dan V” has uploaded the photo 204 to his account oruser profile of the social networking system implemented on serversystem 104. In this example, the photo 204 depicts another user of thesocial networking system. The uploading user has added referringinformation to the photo 204, which in this example identifies thedepicted user in the form of a tag that includes the name of the userdepicted, “Bob A.” For example, the tag can be displayed as tag 206 whenthe user viewing the GUI 200 moves a cursor 208 over a selection area210 defined within the photo 204. The tag can also be displayed as text212 to the side of the photo 204 if the viewing user has selected theoption 214 to view tags there. Various other embodiments can displaytags or other referring information in other forms. In some embodiments,the displayed tag 206 and/or 212 can also be links to the tagged user'sprofile or information. This allows the user to select one of the tags206 and 212 to cause the tagged user's profile or other informationabout the tagged user to be displayed. The referred user in photo 204can be referred to in other ways in other embodiments.

GUI 200 can also display other information related to the displayedcontent 204. For example, in some embodiments user comments 216 can alsobe displayed, which are comments contributed by one or more users of thesocial network system. The comments can also include referringinformation that may identify or otherwise refer to another user of thesocial network system, and in some embodiment can include a link toreferred user's profiles or information. Such comments, ratings, orother added information can be considered part of the shared contentthat also includes base content 204 which is the uploaded photo.

FIG. 3 is a diagrammatic illustration of an example simplified GUI 230allowing a user to change or set a user access to shared content,according to one embodiment. GUI 230 can be part of the GUI 200 of FIG.2, for example.

The interface 230 includes a displayed window 232 in one embodiment, inwhich selected content may have its user access changed. In thisexample, the photo 234 is displayed by the uploading user of that photo.Some embodiments can display an indication of a current or existing useraccess for the photo 234, which in this example is displayed as adesignated user access level (or “privacy level”) 236. The users in the“friends” group of the uploading user can access the photo, includingviewing it, adding comments or other additional content to it (ifpermitted by the uploading user), etc. The uploading user can enter thenew, desired user access level for the content in a field 238. In someembodiments, as shown, a menu 240 of some possible user access levels oroptions can be displayed from which the user can select. This exampleincludes options such as “all your user groups,” which allows the userto share the content with all the users in his user groups (such ascircles, predefined friends lists, etc.). Or, the user can select aspecific stored user group to which to provide user access such as UserGroup 1 or User Group 2. The user can also change the user access to“Private” in which only the user can access the content. Other optionsinclude changing the user access to categories having users defined inuser groups or other accessible lists, for example, such as “family,”“friends,” or “acquaintances.” The option of “extended user groups” caninclude users being two or more social linked levels away from the user.For example, these can be extended users who are in the user groups offriend users who are in the user groups of the selecting user. Someembodiments can also include a “public” option, which would provideaccess to all the users of the social network system.

Once the user has selected the desired privacy level, then a sharecontrol 242 can be selected by the user to set the new privacy level forthe content. In some embodiments, there may be users referred to in theshared content who require approval before the shared content is changedto the new user access level, and so the content would not beimmediately changed to the new privacy level in such embodiments.

FIG. 4 is a diagrammatic illustration of an example simplified GUI 250showing example privacy settings for a user to cause events based onchanges of user access to shared content, according to one embodiment.GUI 250 can be part of the GUI 200 of FIG. 1 and displayed on a clientdevice 120, 122, 124, and/or 126, for example.

The privacy settings provided by interface 250 include contentpreferences 252. These preferences can include such settings as allowingother users to access uploaded or posted content, and/or a setting toautomatically approve new tags or other referring information created byspecified other users in content.

Interface 250 also includes settings 254 for indicating notification andpermission preferences for the user that are related to changes in useraccess (e.g., privacy level) of shared content in which the user isreferred to (e.g., tagged). Notification settings 256 allow a user todesignate if and how the user wishes to be notified when changes in useraccess are instructed for content in which the user is referred. In theexample shown in FIG. 4, such settings include never to be notified,always to be notified, or to be notified in specific circumstances suchas when content is instructed to be shared to extended user groups(e.g., second linked level or greater users, friends of friends, etc.),or when user access is reduced, e.g., changed to private or the contentis deleted or removed from the network system.

Permission settings 258 allow a user to designate if and how the userwill be prompted for permission or approval to allow or disallow achange in user access of referring shared content. In the example shownin FIG. 4, such settings include a requirement to never requirepermission, always require permission, or require permission indesignated circumstances. In this example, such circumstances caninclude the referring content becoming public or increasing access toextended user groups. The settings 258 can also include preferences asto the particular changes in user access or the content which the userwill allow if the user disapproves of the changes. For example, the usercan select to disallow the instructed change in privacy level if theuser denies permission, or the user can select to remove the referringinformation that refer to the user (such as tags) and then allow thechange in privacy level to be made.

In some embodiments, some or all of these settings can also oralternatively be provided as selections or options in a prompt to a userthat is sent to the user each time an appropriate change in user accessis instructed for referring content.

FIG. 5 is a diagrammatic illustration of an example simplified GUI 270showing example notifications received by a referred user who isreferred to in shared content that has been instructed to change itsuser access, according to one embodiment. In this example, a user hasreceived three notifications and/or prompts 272, 274, and 276 whichindicate instructed changes to user access (e.g., user access levels orprivacy levels) for shared content referring to the user.

In a first notification 272, the referred user is notified that anuploading user, “Dan V,” has instructed to change the user access levelof shared photo content, where the user viewing the GUI 270 is thereferred user who is tagged in the shared content. In this example, thetagged user “Bob A” is notified of the change in privacy level innotification 272, and can also be shown the particular subject content,which is this example is photo 280. In some embodiments, thenotification also shows the particular referring information in theshared content 280, such as a tag 282 that provides the name of and/orlink to the referred user. The notification can also indicate theparticular change in privacy level, which in this example is an increasein user access from “Friends” of Dan V to “Public.” In addition, if thereferred user has set his or her privacy settings to require his or herpermission for the change to occur to this shared content, then acontrol 284 can be displayed to prompt the user to grant or denypermission (e.g., approve or disapprove) the change in user access. Oneexample of a permission interface allowing such approval or disapprovalis described below with reference to FIG. 6.

In a second notification 274, the referred user “Bob A” is notified thata different user “Alice A” has instructed shared text or documentcontent to have its user access level changed, where the text contentrefers to the user viewing the GUI 270. The referred user's name may beidentified in the text content, for example, and/or the referred user'sprofile or other information may be linked by the text content. Thenotification indicates the particular change in user access, which inthis example is a reduction in user access level from “Family” to“Private.” As in notification 272, the shared content can be displayedfor reference in the notification, which in this example is a beginningexcerpt and link 288 of the text content which can be selected for afull view of the content. The referring information can also bedisplayed, e.g., as a tag 290. In this example, there is no display of acontrol to provide permission for the change, because the user's privacysettings have indicated that this particular change can be made withoutpermission by the user (only requiring notification). For example, theuser may have designated that a reduction in user access level is alwayspermitted, and/or that user access changes to content having a text typeis always permitted. Thus, in some cases, the change in user access mayhave already been made by the network system.

In a third notification 276, the referred user “Bob A” is notified thata different user “Zoe B,” has instructed shared location content to haveits user access level changed, where the location content refers to thereferred user. In one example, the location content can be ageographical location that indicates where one or more users currentlyare located, e.g., based on locating a portable device carried by theuser(s) or a manual input of the location. The notification indicatesthe particular change in privacy level, which in this example is achange in user access from all “Friends” of Zoe B to ten particularpeople (such as ten users of the social network system). In someembodiments, the user can click on the “10 People” text as a link toaccess a view of the 10 people as well as links to their profiles, ifapplicable. The location can be displayed as text 292, and/or a map (notshown) can be displayed showing the location. A tag 294 can alsoindicate the referring information at the location. A control 296 can bedisplayed, prompting the user to approve or disapprove the change inuser access. One example of a permission interface is described belowwith reference to FIG. 6.

In other embodiments, other information can be included innotifications, such as links to the access-changing user's informationor profile, additional information about the shared content and/or thenew user access level, etc.

FIG. 6 is a diagrammatic illustration of an example simplified GUI 300showing an example permission interface allowing a referred user togrant or deny permission (approve or disapprove) changes in users accessto the referring shared content, according to one embodiment. In thisexample embodiment, a user has selected a permission control in anotification, such as control 284 shown in FIG. 5, to cause the GUI 300to be displayed on the client device. In this example, the interface 300can include the notification 272, including the content of photo 280 andtag 282 that have been instructed to be changed in user access.

Interface 300 includes permission selections 302, which in this exampleinclude an approval and a disapproval. Selecting the approval indicatesthat the user approves of and will grant permission for the change inuser access, while selecting the disapproval indicates the opposite. Insome embodiments, if the user selects the disapproval response, thensuggestion options 304 can be enabled. For example, the referred usercan designate a suggested change in user access level that the referreduser would be satisfied with instead of the change in access instructedby the access-changing user. In the example shown, the user can enter asuggestion in the field 306 or can select a suggested access level froma menu 308. In some embodiments, the menu options can be similar tooptions when first designating the privacy level of content, an exampleof which is described above for FIG. 3. In this example, the options arepresented in terms of user groups for the access-changing user (“Dan V”in this example) rather than the referred user (“Bob A” in thisexample). In addition, user groups associated with users in the referreduser's user groups can also be displayed as options. For example, aFriends user group “Sally A” is shown in options 304, where “Sally A” isa user in a user group of the referred user. Furthermore, in thisexample, the “Public” option is not presented in menu 308 since the userhas already selected to disapprove of the change in user access level to“public” in selections 302.

Furthermore, a denial of the change may cause different effectsdepending on the referred user's privacy settings. For example, the usermay have set his or her settings to disallow the change in user access.Or, the privacy settings may allow the change in user access for thecontent except for the tag or other referring information pertaining tothe referred user. These and other examples are described below.

A send button 310 can be presented in the permissions interface 300 tosend the approval or disapproval to the access-changing user and theserver to cause the appropriate action to be performed, such as changingthe access level or the content in accordance with the referred user'sresponse. Some embodiments can require further input by theaccess-changing user, as described for some embodiments below.

Other embodiments can present different information and/or options forthe referred user. For example, in some embodiments a referred user canselect a suggested user access level from a wide variety of differentdisplayed suggestion options. In one example, a user can select asuggested access level to be one or more user groups (such as a“Friends” group) associated with any selected user of the social networksystem, or a combination of user groups associated with multipleselected users of the system. Some of the other possible options aredescribed in various embodiments herein.

FIG. 7 is a flow diagram illustrating one example of a method 400 ofenabling privacy features for changes of access to shared content. Insome embodiments, method 400 (and method 420, below) can be implemented,for example, on a server system 102 as shown in FIG. 1. In describedexamples, the server system includes one or more processors orprocessing circuitry, and one or more storage devices such as a database106. In some embodiments, different components of a server and/ordifferent servers can perform different blocks or other parts of themethod 400. In other embodiments, some or all of the method 400 can beimplemented on one or more client devices. Method 400 can be implementedby program instructions or code, which can be implemented by one or moreprocessors, such as microprocessors or other processing circuitry andcan be stored on a computer readable medium, such as a magnetic,optical, electromagnetic, or semiconductor storage medium, includingsemiconductor or solid state memory, magnetic tape, a removable computerdiskette, a random access memory (RAM), a read-only memory (ROM), flashmemory, a rigid magnetic disk, an optical disk, a solid-state memorydrive, etc. Alternatively, these methods can be implemented in hardware(logic gates, etc.), or in a combination of hardware and software. Themethod 400 can be provided as part of or component of an applicationrunning on the client device, or as a separate application or softwarerunning in conjunction with other applications and operating system.

In block 402 of method 400, content is shared on a network system, suchas a social network system. The content constitutes data and can be anytype of content, such as text, image, video, audio, olfactory, tactile,or a combination of these or other types. In some embodiments, thecontent can include real-time information such as a geographicallocation at which one or more users of the network system are currentlyor recently located. The content is stored on one or more storagedevices accessible to the social network system, such as on the socialnetwork database 106. The content can be associated with a particularuser who may have uploaded or otherwise obtained the content and who hasshared the content with an existing set of one or more users of thesocial network. For example, the content may be stored in the uploadinguser's profile or account.

The content is “published” on the social network system and viewable (orotherwise accessible) by an existing set of users. The existing set ofusers who have access to the shared content is or was previouslydesignated by one or more users. For example, the existing set of userscan be the users listed in the uploading user's group of “friends.”Alternatively, the uploading user may have designated one out ofmultiple user groups as the set of users to have access to the content,if multiple such user groups are available. In some embodiments, theuploading user may have selected particular users of the social networksystem to be in the existing set of users having access, e.g. from oneor more of the user's user groups, from the results of a search of usersin the network system, etc. In still other embodiments, one or moreother users of the network system may have designated which users are inthe existing set of users having access. In one example, one or morenon-uploading users may have been given the ability by the uploadinguser to set user access to the shared content. The existing set of userscan be designated as a user access level, “privacy level,” or similardesignation in some embodiments, such as “Public” or “Family” or“Friends.”

The shared content can include base content, such as an original image,document, audio file, video sequence, or other content type uploaded bya user, as well as additional content added by one or more users of thenetwork system after the base content was first shared. For example, theadditional content can include comments, ratings, or edits for the basecontent or for other additional content. Furthermore, “referringinformation” can be added to the content, which identifies, describes,or otherwise refers to one or more users of the network system(“referred users”). In one example, images or other forms of content canbe tagged with information tags that can include referring informationabout a user. For example, a tag may list the name of a user of thenetwork system who is pictured in photo content associated with the tag.In some embodiments, a tag may include a link which can be selected toaccess an email address, profile, or account of a user of the networksystem. Some examples of content are described above with reference toFIG. 2.

In step 404, the system receives instructions from a user to change useraccess of the shared content from the existing set of users to adifferent set of users on the social network system. In someembodiments, the user who provides these instructions, referred to as an“access-changing user” herein, can be the user who uploaded the (base)content and/or is associated with the content (e.g., the content isprovided in his or her profile or account). In some embodiments, theaccess-changing user can be a different user of the network system whohas the ability to change user access of the shared content.

In some cases, the user access is changed from a smaller number of usersto a greater number of users, while in other cases the access is changedfrom a greater number of users to a smaller number. In still othercases, the number of users may remain the same, but the user accesschanges to different particular users or user groups. In someembodiments, the access-changing user also designates which user(s),user group(s), or sets of users who will have the new access. Forexample, the access-changing user may provide user input to the socialnetwork system that will cause a shared photo to be changed in itsaccessibility from one user group to a different user group of theaccess-changing user. Or, the user accessibility may be instructed to bechanged from a user group (such as from a “friend list” or circle) to a“public” accessibility that includes all the users of the socialnetworking system. Or, access can be changed from a first linked leveluser group (such as friends of the access-changing user) to a second orgreater linked level user group (such as including friends of thosefriends). Other examples include changing the user accessibility from anentire user group to a subset of users in that group, or from multipleuser groups to a subset of those user groups. In still other examples,the user can select particular users of the social network system to bein the new, different set of users having access. For example, users canbe selected from one or more of the access-changing user's user groups,from search results from a search of users in the network system, etc.One example of changing user access is described above with respect toFIG. 3, and other examples are described below with reference to FIG. 8.

In some embodiments, the instructed change in user access is a changefrom an existing user access “level” to a different user access level. Auser access “level,” as referred to herein, is a designated or nameduser group or set of users. For example, an access level can bedesignated as a predefined access level, such as “public”, “friends,”“circles,” “family,” or “all user groups” of a user. Or, an access levelcan be specified as a personally-named user group associated with theuser. An access level is changed for content if the designated usergroup is changed, and is not changed if particular users are added to orremoved from the designated group. For example, the user access level isnot changed for content if particular users are added to the “friends”user group which has access to that content. However, this user accesslevel is changed if it is set to “public” instead of “friends” for thecontent. A change of one user group to a different user group is achange in user access level.

In step 406, the privacy settings of referred users in the sharedcontent are consulted. In some embodiments, the privacy settings can bepart of the referred user's profile or account on the social networksystem and can be stored and accessed on the server system. A user canbe assigned default privacy settings, or the user can modify thesettings as desired. In some embodiments, the privacy settings caninclude an option for the user as to whether or not to be notified whenany change to user access is instructed for content that refers to thatuser. Some examples of privacy settings are described above with respectto FIG. 4, and other options are described below with respect to FIG. 8.

In step 408, a notification is sent to referred users who requirenotification for change in user access, as determined based on theconsulted privacy settings of step 406. The notifications can includevarious information, such as including or linking to the content thathas been instructed to be changed, the referring information that refersto the referred user, the previous access level and the instructed newaccess level, etc. One example is described above with reference to FIG.5.

FIG. 8 is a flow diagram illustrating one example of a method 420describing additional embodiments of features to enable privacy featuresfor changes of access to shared content. Method 420 can be implementedon software and/or hardware systems similarly as described for method400 of FIG. 7.

In block 422, content is received by the network system, such as asocial network system. As described above, the content constitutes dataand can be any type of content. In some embodiments, an uploading userof the network system can upload the content from one of the clientdevices 120-126 to the server system 102 of the social networkingsystem. For example, an image can be a photo that is uploaded by a user.In other embodiments, the content can be received from other serversystems or other sources. Some embodiments allow the uploading user toupload the content to a user profile or account associated with thefirst user in the social network system.

In block 424, the received content is shared to one or more (existing)users of the social network, similarly as described above in block 402of FIG. 7. For example, the uploading user can command the content to be“published” on the social network system so that the content can beviewed by one or more other users of the system. Or, one or more otherusers can share the content, or the content can automatically be sharedto a previously-designated set of one or more other users of the socialnetworking system.

In some cases, the sharing of the received content of block 424 can bean initial sharing (publication) of the content to one or more otherusers of the social network system to allow access to user(s) other thanthe uploading user. In some embodiments, this initial sharing caninclude notifying any users referred to by the content and/or promptingsuch users for permission, which can be performed similarly as to whenthere is a change in user access to existing shared content as describedherein. In some embodiments, each user can have privacy settings appliedwhen content is initially shared to any other users to govern whetherreferred users are notified and/or prompted, similar to the privacysettings described below for a change in user access of shared contentfrom one or more users to a different set of users. In some embodiments,separate and independent privacy settings can be provided for a user,where one setting governs referred user notification and prompting whencontent is newly shared, and a different setting governs usernotification and prompting when shared content is changed in user accessfrom one or more users to a different set of users.

In block 428, the system receives instructions from an access-changinguser to change user access of the shared content from the existing setof one or more users to a different set of one or more users on thesocial network system. This can be similar to step 404 as describedabove in FIG. 7. In various embodiments, the access-changing user can bethe uploading user or one or more other users.

In block 430, the process checks whether there are any referred usersreferred to by the shared content. If there are not one or more referredusers referred to in the shared content, the process ends. If there areone or more referred users, then in block 434 the process checks privacysettings associated with each of the referred users, similarly asdescribed above for step 406. In some embodiments, the privacy settingsfor each user can include an option for the user as to whether or not tobe notified when any change to user access is instructed for contentthat refers to that user. Some embodiments can also include a settingoption as to whether or not the referred user is to be prompted forpermission allowing the instructed change of user access. For example,the user can designate an option to “review” the instructed changeand/or the content that is the subject of the access change (includingany referring or identifying information such as tags) and otherpertinent information.

Other options can allow the user to designate in the privacy settingswhether to be notified and/or prompted for permission in specifiedcircumstances or under specified conditions. In some embodiments, suchconditions can include instructed changes to and/or from particular useraccess or access level(s) (privacy level(s)). For example, the user candesignate, as a general condition, to be notified and/or prompted whenuser access to referring content is instructed to be changed to agreater number of users, or to a reduced or fewer number of users thanin the existing set of users. In some embodiments, this change in thenumber of users can be determined based on a change in user accesslevel. For example, the change can be from a user group “friends” to“private” which reduces the number of users. Alternatively, if thecontent is instructed to be deleted from the social network system, thisis a reduction in the number of users having access.

Some embodiments can allow a user to designate these conditions morespecifically. For example, the user can designate to be notified and/orprompted when referring content's access level is instructed to bechanged to a specific designated user access level, such as “public”(accessible to all users of the system), second linked level user groups(such as “extended” user groups or circles or “friends of friends”),“private” (e.g., one user, such as the access-changing user).Furthermore, some embodiments can allow a user to designate to benotified and/or prompted if a number of users greater than apredetermined or designated threshold number are instructed to be addedto the user access of referring content. For example, the privacysettings can include a field to allow the user to input the desiredthreshold number. Embodiments can also allow a user to designatenotification and/or prompt if the number of users is to be reduced by anumber greater than a predetermined threshold number.

Some embodiments can allow a user to set to be notified and/or promptedwhen the user access is changed to and/or from any particular users ofthe system, where those particular users can be designated by the userin the privacy settings. For example, the user can designate particularusers in a list such that, if access to referring content is changed orextended to those designated users, the user is to be notified and/orprompted. In other cases, the user can designate to be notified and/orprompted if the designated users are instructed to be removed from useraccess. Some embodiments allow the user to designate particular nameduser groups, such that notification and/or prompt is required whenaccess is allowed to those designated groups or removed from thosegroups. For example, notification can be designated when removing useraccess by a user group named “Company XYZ” that includes all employeesof that company.

In some embodiments, a user can designate particular shared content, ora particular type of shared content, to cause a notification and/orprompt to the user when user access is instructed to be changed for thatreferring content or type. This can allow user access changes withoutnotification and/or prompt to the referred user for other shared contentthat refers to the user but which is set to “don't care” or undesignatedin the privacy settings. In one example, a user designates to not benotified or prompted when particular photos for a company event thatdepict the user are instructed for user access changes. That user alsodesignates other particular photos for a family event to causenotification and/or prompts to the referred user for user accesschanges. In some embodiments, one or more types of content can also bedesignated in privacy settings, such that, for example, a user candesignate that instructions to change user access to images or phototype content will cause notifications and/or prompts to the referreduser, while instructions to change access to text type of referringcontent will not cause such notifications and/or prompts. Other types ofcontent can include video, audio, location, or user-defined types (suchas documents, spreadsheets, files in particular format or file extensionor from a particular application, etc.).

Other conditions can be specified in some embodiments. For example, auser can select to be notified and/or prompted if, in shared contentreferring to that user, other referring information that refers to oneor more other people or users of the network system has been newly addedto the shared content. For example, new tags identifying other users mayhave been added to the shared content that refers to the user.Similarly, a referred user can be notified and/or prompted if referringinformation to other users of the network system has been removed fromthe content, or if those other referred users have denied permission tochange the user access level to the content or to their referringinformation.

In some embodiments, any or all of the above conditions can bedesignated by the user in various combinations. In any of theseexamples, the user can in some embodiments designate to be notified butnot prompted for permission.

In block 436, it is checked whether one or more of the referred userswhose privacy settings were checked in block 434 require permission fromthe referred user to allow the user access of the shared content to bechanged. This permission option can be provided as different options orimplementations in various embodiments. For example, in someembodiments, a user can designate in the privacy settings that the usermust be prompted with a request for permission when referring content isto have change in user access. Some embodiments can provide the requestfor permission under particular conditions or circumstances, asdescribed above.

For referred users that do not require permission, block 440 isperformed, in which the system sends out notifications to these referredusers. In some embodiments, the notifications can indicate the contentthat has been instructed to be changed, and the referring informationthat refers to the referred user, as in the example of FIG. 5 describedabove. The process then continues to block 448, described below.

If one or more of the referred users require that their permission bereceived for change in user access, then block 442 is performed forthose users, in which a notification and a prompt for permission is sentto those users. The prompt can be a simple request, or the prompt candisplay additional options, such as a field or selections to allow thereferred user to suggest a different user access for the shared contentif the referred user denies permission, as shown in the example of FIG.6 described above. In block 444, the system checks whether permissionshave been received from the referred users who were sent prompts inblock 442. For example, each referred user who was sent the prompt canselect a displayed button or control that is displayed on his or herclient device for the prompt, such that the client device sends back amessage to the server system 102 in accordance with the selectedcontrol. In some embodiments, permission to allow the instructed useraccess change is considered to have been received if all referred usersgrant their permission. In other embodiments, permission can beconsidered received if a subset of the referred users grant permission.For example, a majority of the referred users, or a number of referredusers over a predefined percentage threshold, can be required to grantpermission for permission to be considered received.

If permission has been received, block 448 is performed, in which useraccess for the shared content is changed based on the instructionsreceived from the access-changing user in block 428. For example, theuser access can be changed to a different set of users, such that thenew, different set of users can now access the shared content and theprior, existing set of users can no longer access the shared content(unless a member of the new set of users). The process is then complete.In some embodiments, the referred users may also have providedsuggestions to the access-changing user if the referred users wouldprefer a different change but will still accept the instructed change.For example, a referred user may approve the instructed change but alsosuggest that the change in user access be extended to a greater numberof users. In some embodiments, such suggestions can be received by theaccess-changing user with the permission that is received in block 444.Some examples of suggested changes are described below with respect toblocks 450-454.

If permission is denied in block 444, or in some embodiments after apredetermined time period has passed without receiving any response fromthese referred user(s), the process continues to block 450. In this(optional) block, it is checked whether any suggested changes to useraccess have been received from the referred users who denied permission.In some embodiments, a referred user who receives a request forpermission may provide one or more suggestions to the access-changinguser as to which user access changes would be acceptable to the referreduser. For example, a referred user can send a denial of an instructeduser access change from “friends” of the first user to a “public” accessfor all system users. The referred user can also suggest a differentuser access change, such as from “friends” to “friends of friends,”i.e., from a first linked level user group to a second linked level usergroup. In some embodiments, the referred user can suggest particularusers in relation to the access-changing user's instructed user access.For example, if the access-changing user instructed that a user groupwith additional users be allowed access to the content, the referreduser can suggest that only a subset of the additional users be allowedaccess, and can designate that subset of users in the suggestions sentto the access-changing user. Similarly, if a reduction in the number ofusers with access is instructed, the referred user can suggest removinguser access for only a particular suggested subset of those users.

If a suggested access change has been received in block 450, thenoptionally block 452 can check if the access-changing user agrees to thesuggested change(s) provided by the referred user(s). For example, asuggested change can be displayed to the access-changing user on anassociated client device, and allow the access-changing user to respond.If the access-changing user does not agree, then the process continuesto block 456, described below. If the access-changing user does agree tothe suggestions, then in block 454, the user access to the sharedcontent is changed to the suggested access change provided by thereferred user(s).

In some embodiments, if there is more than one referred user who deniespermission (e.g., the shared content refers to multiple users), then allof those referred users must agree to the suggested changes in additionto agreement from the access-changing user to cause the user access tochange to the suggested access change. If not all the referred usersagree, then the suggested change is not allowed and block 456 isperformed, as described below. In other embodiments, a majority of thereferred users can be required to agree to cause the access change, or anumber of referred users over a predefined percentage threshold. Forexample, to enable easier review by all the referred users, thesuggestions provided by one referred user can be sent to other referredusers (to all the other referred users, or alternately to the otherdenying referred users) for review and acceptance/refusal by those otherreferred users. Some embodiments can also compare suggestions receivedfrom multiple referred users and, if all the suggestions match (oralternatively if more than a predefined percentage of the suggestionsmatch), the suggested change in access is made to the shared content.After the suggested change in access is made to the shared content, theprocess continues to block 458, described below.

If the access-changing user does not agree to the suggested changes asdetermined in block 452 (or other condition prevents the suggestedchanges such as other referred users as described above), then block 456is performed. In this block, the change in user access as instructed bythe access-changing user is not allowed for the shared content, or theinstructed change in user access is allowed but the shared content ischanged. The particular actions performed in block 456 can depend on theembodiment, user privacy settings, etc. For example, the privacysettings of the referred user(s) may specify that when an instructeduser access change is denied by those referring users, the change inuser access is not allowed. In some embodiments, this can be the defaultresult without consultation of user privacy settings or otherpreferences.

In other cases or embodiments, the change in user access is allowed butthe content is changed in a way that is acceptable to at least thereferred users who denied permission. For example, the information inthe shared content that refers to the referred users can be removedbefore the user access change is performed. In one example, the tagsassociated with a photo that refer to the denying referred users areremoved from the photo before the user access is changed. In otherembodiments, the face of the denying referred users are blurred in animage or video as to be unrecognizable. Or, the names of the denyingusers are blocked out or erased in text content or audio content.Alternatively, the information referring to the denying users can bekept in the content but is not changed to the new user access, while theremaining content is changed to the new user access, thus creatingdifferent portions of the content that have different user access. Thiscauses the denied referring information to not be visible or accessibleto the new set of users, only the existing (now old) set of users. Instill other embodiments, the content can be changed in other ways. Forexample, a link between the referring information of the content and thereferred user's profile on the network system can be removed rather thanremoving the information itself.

In some embodiments, if there are multiple referred users and somereferred users deny permission while other referred users providepermission for the change in user access, then the information (e.g.,tags) referring to the referred denying users are removed from thecontent before the user access change is performed (or not changed inuser access), while the information referring to permitting referredusers is kept in the content.

The particular change in content that is performed in a particular casecan also be determined by examining the referred user's privacysettings, the access-changing user's privacy settings, and/or other userpreferences. For example, in some embodiments, if a change in content tobe performed based on the referred user's preferences agrees with achange in content allowed by the access-changing user's preferences, thechange is made. However, if these preferences do not agree, then thecontent is not changed and the instructed change in user access is notallowed. After block 456, the process continues to block 458.

In optional block 458, any of the referred users who wish to keep theshared content which they were notified of and reviewed for theinstructed change in user access can download (or otherwise receive)and/or publish the content. For example, the shared content may havebeen sent to the referred users and displayed on their screen forreview. One or more of the referred users may wish to download thecontent to their local client devices and/or publish the content intheir own user profile of the social network system. Referred users mayalso wish to change the user access of the received content. In anotherexample, the access-changing user may have instructed a change in useraccess by instructing to remove and/or delete the shared content fromthe social network system. In such a case, any referred users in theshared content can be sent a prompt as to whether they would like todownload or otherwise receive the shared content before it has beendeleted. For example, this prompt can be included in the notification ofblock 440 or in the prompt asking for permission as in block 442. Theprompt can also request whether the referred user(s) wish to change theuser access of content received in this way. The sending of the promptscan be designated by referred users in their privacy settings or otherpreferences, and/or the prompts can be initiated or agreed to by theaccess-changing user. After block 458, the process ends.

It should be noted that the blocks described in the methods of FIG. 7and FIG. 8 can be performed in a different order than shown and/orsimultaneously (partially or completely) with other blocks, whereappropriate. In some embodiments, blocks can occur multiple times, in adifferent order, and/or at different times in the methods.

In other embodiments, variations of one or more above features can beused. For example, some embodiments may provide default conditions tocause notifications and/or prompts to be sent to referred users, thoseconditions determined by the social network system, website, or server.In some embodiments a user cannot change these default conditions orsettings. In some other embodiments, one or more of the client devicescan perform one or more functions of the server, instead of or inaddition to the server performing those functions.

FIG. 9 is a block diagram of an example server device 500, which may beused to implement some embodiments described herein. For example, serverdevice 500 may be used to implement server device 104 of FIG. 1, andperform appropriate method embodiments described herein. Server device500 can be any suitable computer system, server, or other electronic orhardware device. For example, the server device 500 can be a mainframecomputer, desktop computer, workstation, portable computer, orelectronic device (portable device, cell phone, smart phone, tabletcomputer, television, TV set top box, personal digital assistant (PDA),media player, game device, etc.). In some embodiments, server device 500includes a processor 502, a memory 504, and input/output (I/O) interface506.

Processor 502 can be one or more processors or processing circuits toexecute program code and control basic operations of the device 500. A“processor” includes any suitable hardware and/or software system,mechanism or component that processes data, signals or otherinformation. A processor may include a system with a general-purposecentral processing unit (CPU), multiple processing units, dedicatedcircuitry for achieving functionality, or other systems. Processing neednot be limited to a particular geographic location, or have temporallimitations. For example, a processor may perform its functions in“real-time,” “offline,” in a “batch mode,” etc. Portions of processingmay be performed at different times and at different locations, bydifferent (or the same) processing systems. A computer may be anyprocessor in communication with a memory.

Memory 504 is typically provided in device 500 for access by theprocessor 502, and may be any suitable processor-readable storagemedium, such as random access memory (RAM), read-only memory (ROM),Electrical Erasable Read-only Memory (EEPROM), Flash memory, etc.,suitable for storing instructions for execution by the processor, andlocated separate from processor 502 and/or integrated therewith. Memory504 can store software operating on the server device 500 by theprocessor 502, including an operating system 508 and a social networkengine 510. In some embodiments, the social network engine 510 caninclude instructions that enable processor 502 to perform the userprivacy functions described herein, e.g., some or all of the methods ofFIGS. 7 and 8. Any of software in memory 504 can alternatively be storedon any other suitable storage location or computer-readable medium. Inaddition, memory 504 (and/or other connected storage device(s)) canstore privacy settings, content, and other data used in the featuresdescribed herein. Memory 504 and any other type of storage (magneticdisk, optical disk, magnetic tape, or other tangible media) can beconsidered “storage devices.”

I/O interface 506 can provide functions to enable interfacing the serverdevice 500 with other systems and devices. For example, networkcommunication devices, storage devices such as memory and/or database106, and input/output devices can communicate via interface 506. In someembodiments, the I/O interface can connect to interface devices such asinput devices (keyboard, pointing device, touchscreen, microphone,camera, scanner, etc.) and output devices (display device, speakerdevices, printer, motor, etc.).

For ease of illustration, FIG. 9 shows one block for each of processor502, memory 504, I/O interface 506, and software blocks 508 and 510.These blocks may represent one or more processors or processingcircuitries, operating systems, memories, I/O interfaces, applications,and/or software modules. In other embodiments, server device 500 may nothave all of the components shown and/or may have other elementsincluding other types of elements instead of, or in addition to, thoseshown herein. While system 102 is described as performing steps asdescribed in some embodiments herein, any suitable component orcombination of components of system 102 or similar system, or anysuitable processor or processors associated with such a system, mayperform the steps described.

A client device can also be used with features described herein, such asclient devices 120-126 shown in FIG. 1. Example client devices caninclude some similar components as the server device 500, such asprocessor(s) 502, memory 504, and I/O interface 506. An operatingsystem, software and applications suitable for the client device can beprovided in memory and used by the processor, such as client groupcommunication application software. The I/O interface for a clientdevice can be connected to network communication devices, as well as toinput and output devices such as a microphone for capturing sound, acamera for capturing images or video, audio speaker devices foroutputting sound, a display device for outputting images or video, orother output devices. A display device, for example, can be used todisplay the settings, notifications, and permissions as describedherein, where such device can include any suitable display device suchas an LCD, LED, or plasma display screen, CRT, television, monitor,touchscreen, 3-D display screen, or other visual display device. Someembodiments can provide an audio output device, such as voice output orsynthesis that speaks text in ad/or describing the settings,notifications, and permissions.

As indicated above, embodiments enable privacy options to be provided toa user who is referred to in shared content on a network system. In someembodiments, a referred user can be notified of any changes in privacylevel or user access for the referring shared content, whether the useraccess is increased from its existing level to a greater number ofusers, or decreased to a lesser number of users. Some embodiments allowa user to provide permission whether to allow the change in user accessor not. Various privacy settings allow users to designate how they wishto be notified and provide permissions for different types of useraccess changes, types of content, and/or other circumstances. Thesefeatures enable a user to customize how information about the user isdistributed and publicized to other users of the network system. Forexample, a referred user may wish to be notified and given theopportunity to provide permission if another user wants to allow alarger set of users than the existing set to see a photo of the referreduser, since the referred user wants to maintain privacy of photosdepicting him or her to only a small set of friends or family. Inanother example, a referred user may wish to be notified and/or be givena permission opportunity when referring content is going to be reducedin user access, since the referred user may want the existing set ofusers to continue seeing that content, and/or may want to publicizereferring content for publicity or marketing reasons.

Although the description has been described with respect to particularembodiments thereof, these particular embodiments are merelyillustrative, and not restrictive. Concepts illustrated in the examplesmay be applied to other examples and embodiments.

Note that the functional blocks, methods, devices, and systems describedin the present disclosure may be integrated or divided into differentcombinations of systems, devices, and functional blocks as would beknown to those skilled in the art. Any suitable programming language andprogramming techniques may be used to implement the routines ofparticular embodiments. Different programming techniques may be employedsuch as procedural or object-oriented. The routines may execute on asingle processing device or multiple processors. Although the steps,operations, or computations may be presented in a specific order, theorder may be changed in different particular embodiments. In someembodiments, multiple steps or blocks shown as sequential in thisspecification may be performed at the same time.

What is claimed is:
 1. A method for enabling user privacy for content ona network, the method comprising: providing shared content contributedby a first user, wherein the shared content is stored by a socialnetwork system and is accessible to an existing set of other users ofthe social network system, wherein one or more referred users of thesocial network system are identified by the shared content, wherein theone or more referred users are different than the first user; receivinginput from the first user instructing at least one change in user accessto the shared content, wherein the at least one change modifies the useraccess from the existing set of other users of the social network systemto a different set of users of the social network system; checkingprivacy settings stored by a computer system and associated with each ofthe one or more referred users identified by the shared content, eachprivacy setting selected by the associated referred user and indicating:whether the associated referred user is to be sent a notificationindicating that the at least one change in user access has beeninstructed, and whether the associated referred user is to be sent aprompt requesting that the associated referred user provide a permissionto allow the at least one change in user access to be performed; causingthe notification to be sent to each of the referred users who areassociated with corresponding privacy settings requiring thenotification; causing the prompt to be sent to each of the referredusers who are associated with privacy settings requiring the prompt;changing the user access to the different set of users of the socialnetwork system in response to receiving the permission from one or moreof the prompted referred users; and modifying the at least oneinstructed change in user access of the shared content in response toreceiving at least one denial of permission from one or more of theprompted referred users.
 2. The method of claim 1 wherein the existingset of users is a first predetermined user group associated with thefirst user and wherein the different set of users is a secondpredetermined user group associated with the first user.
 3. The methodof claim 1, wherein at least one of the privacy settings indicates oneor more indicated users of the network system, wherein the notificationis caused to be sent in response to at least one of the indicated usersnot being included in the existing set of other users and being includedin the different set of users.
 4. The method of claim 1, wherein atleast one of the privacy settings indicates one or more indicated usersof the network system, wherein the notification is caused to be sent inresponse to at least one of the indicated users being included in theexisting set of other users and not being included in the different setof users.
 5. The method of claim 1 wherein the existing set of otherusers includes multiple users and includes a smaller number of users ofthe network than the different set of users.
 6. The method of claim 1wherein the existing set of other users includes a larger number ofusers of the network than the different set of users.
 7. The method ofclaim 5 wherein the existing set of other users is a first linked levelof users including only users having a social link to the first user,and wherein the different set of users includes the first linked levelusers and one or more extended linked levels of users having a sociallink to the first linked level users.
 8. The method of claim 1 whereineach privacy setting indicates whether the associated referred user isrequired to provide the permission before the at least one instructedchange in user access is allowed to the shared content, and wherein thenotification is sent before the at least one change in user access ismade.
 9. The method of claim 1 wherein in response to receiving the atleast one denial of permission: not performing the at least oneinstructed change in access, or performing the at least one change inuser access for the shared content except for one or moreidentifications of the denying referred users, the identificationsassociated with the shared content, and maintaining access to theexisting set of other users to the identifications.
 10. The method ofclaim 1 wherein the prompt allows the prompted referred users to eachspecify a different change in user access to the shared content than theinstructed change in user access.
 11. The method of claim 1 wherein theone or more referred users associated with the shared content areidentified in the shared content by at least one tag associated with theshared content, wherein the at least one tag is viewable by users havingaccess to the shared content.
 12. The method of claim 1 wherein theshared content includes at least one of a photo, text, a video, an audiorecording, and an indication of a physical location of the one or morereferred users.
 13. The method of claim 1, wherein at least one of theprivacy settings indicates one or more indicated users of the networksystem, wherein the one or more indicated users include one or moreusers included in one or more user groups specified in the privacysettings.
 14. The method of claim 1 further comprising: receiving asuggested change in user access to the shared content from at least oneof the prompted referred users; and causing the suggested change in useraccess to be sent to at least one of the prompted referred users with arequest for permission to allow the suggested change in user access. 15.A system for enabling user privacy for shared content, the systemcomprising: a storage device storing shared content; and at least oneprocessor accessing the storage and operative to perform operationscomprising: providing shared content contributed by a first user,wherein the shared content is stored by a social network system and isaccessible to an existing set of other users of the social networksystem, wherein one or more referred users of the social network systemare identified by the shared content, wherein the one or more referredusers are different than the first user; receiving input from the firstuser instructing at least one change in user access to the sharedcontent, wherein the at least one change modifies the user access fromthe existing set of other users of the social network system to adifferent set of users of the social network system; checking privacysettings stored by a computer system and associated with each of the oneor more referred users identified by the shared content, each privacyselected by the associated referred user and indicating: whether theassociated referred user is to be sent a notification indicating thatthe at least one change in user access has been instructed, and whetherthe associated referred user is to be sent a prompt requesting that theassociated referred user provide a permission to allow the at least onechange in user access to be performed; causing the notification to besent to each of the referred users who are associated with correspondingprivacy settings requiring the notification; causing the prompt to besent to each of the referred users who are associated with privacysettings requiring the prompt; changing the user access to the differentset of users of the social network system in response to receiving thepermission from one or more of the prompted referred users; andmodifying the at least one instructed change in user access of theshared content in response to receiving at least one denial ofpermission from one or more of the prompted referred users.
 16. Thesystem of claim 15 wherein the prompt allows the one or more referredusers to each specify a different change in user access to the sharedcontent than the instructed change in user access.